<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-lear-iotops-mudextras-01" category="std" consensus="true" submissionType="IETF" updates="8520" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="More MUD">Some MUD Extensions and Clarifications</title>
    <seriesInfo name="Internet-Draft" value="draft-lear-iotops-mudextras-01"/>
    <author fullname="Eliot Lear">
      <organization>Cisco Systems, Inc.</organization>
      <address>
        <email>lear@cisco.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="05"/>
    <area>Operations and Management</area>
    <workgroup>IOT Operations</workgroup>
    <keyword>MUD</keyword>
    <keyword>IOT</keyword>
    <abstract>
      <?line 38?>

<t>Manufacturer Usage Descriptions (MUD) provide a means to describe device network behavior.  This memo clarifies some aspects that may improve both usability and interoperability.  Some examples include how to handle IP-based access-lists, broadcasts and multicasts of various forms, and QoS.  This memo updates RFC 8520.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://elear.github.io/draft-lear-mudextras/draft-lear-iotops-mudextras.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-lear-iotops-mudextras/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        IOT Operations Working Group mailing list (<eref target="mailto:iotops@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/iotops/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/iotops/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/elear/draft-lear-mudextras"/>.</t>
    </note>
  </front>
  <middle>
    <?line 42?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>Manufacturer Usage Descriptions (MUD) <xref target="RFC8520"/> provide a means to describe device network behavior.   Operational experience has introduced a new use of MUD: to more clearly describe device network behavior and network access requirements in order for it to properly function.  The MUD file itself can serve as a contract that is written by the device manufacturer and enacted and observed by both OT and IT services and organizations.  This means that the descriptions should be as complete and accurate as possible.</t>
      <t>Experience has shown that certain cases require clarification, and in some cases new extensions.  For example:</t>
      <ul spacing="normal">
        <li>
          <t>Some devices make use of directed broadcasts, which are not supported in all networks.  When they are, there is a need to understand each and every network segment to which such a device may be attached.</t>
        </li>
        <li>
          <t>Some devices hardcode certain IP addresses.  MUD itself augments <xref target="RFC8519"/>, which specifies an access control list (ACL) schema in YANG.  Within that context, therefore, it should be possible to employ ACLs that match that schema.</t>
        </li>
        <li>
          <t>Some devices make use of multicast, and in some of those cases, multicast packets may need to be sent or received across network segments.</t>
        </li>
      </ul>
      <t>While one could argue whether or not either of these approaches should be used by device manufacturers, the reality is that they are used.  Therefore, MUD should provide a means to describe them.</t>
      <t>This memo updates <xref target="RFC8520"/> by clarifying that IP-based ACLs <bcp14>MAY</bcp14> be used in MUD files, and by providing a MUD extension to describe directed broadcasts.  It also clarifies that all devices are assumed to both send and receive broadcasts, and provides an example of how to use ACLs to describe multicast behavior.</t>
      <section anchor="conventions-and-definitions">
        <name>Conventions and Definitions</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

</section>
    </section>
    <section anchor="clarifications">
      <name>Clarifications</name>
      <section anchor="acls-in-mud">
        <name>ACLs in MUD</name>
        <t>As mentioned above, RFC 8519 specifies a YANG schema for ACLs.  Nothing in the specification prevents the use of ACLs to describe the network behavior of devices in a MUD file.  For example, the following is a valid MUD file that describes a device that is allowed to connect to a cloud service.</t>
        <figure anchor="figacl">
          <name>Example ACL in MUD file</name>
          <artwork><![CDATA[
{
  "ietf-mud:mud": {
    "mud-version": 1,
    "mud-url": "https://iot.example.com/modelX.json",
    "mud-signature": "https://iot.example.com/modelX.p7s",
    "last-update": "2022-01-05T13:30:31+00:00",
    "cache-validity": 48,
    "is-supported": true,
    "systeminfo": "Sample IoT device",
    "mfg-name": "Example, Inc.",
    "documentation": "https://iot.example.com/doc/modelX",
    "model-name": "modelX",
    "from-device-policy": {
      "access-lists": {
        "access-list": [
          {
            "name": "mud-65443-v4fr"
          }
        ]
      }
    },
    "to-device-policy": {
      "access-lists": {
        "access-list": [
          {
            "name": "sample-ipv4-acl"
          }
        ]
      }
    }
  },
  "ietf-access-control-list:acls": {
    "acl": [
      {
        "name": "sample-ipv4-acl",
        "type": "ipv4-acl-type",
        "aces": {
          "ace": [
            {
              "name": "permit-https-to-my-cloud-service",
              "matches": {
                "ipv4": {
                  "protocol": 6,
                  "destination-ipv4-network": "10.1.2.3/32"
                },
                "tcp": {
                  "destination-port": {
                    "operator": "eq",
                    "port": 443
                  }
                }
              },
              "actions": {
                "forwarding": "accept"
              }
            }
          ]
        }
      }
    ]
  }
}
]]></artwork>
        </figure>
        <t>A few cautions about using native IP addresses in MUD files:</t>
        <ul spacing="normal">
          <li>
            <t>They should only ever refer to globally unique addresses that are coordinated by the device manufacturer.</t>
          </li>
          <li>
            <t>Address changes will necessitate a new MUD file, which must be signed and retrieved by MUD managers.</t>
          </li>
        </ul>
        <section anchor="discussion">
          <name>Discussion</name>
          <t>Some device manufacturers will use hardcoded IP addresses to bootstrap functions like the domain name system (DNS).  The use of anycast servers is not uncommon.  Others simply do not want to introduce a dependency on DNS.</t>
        </section>
      </section>
      <section anchor="directed-broadcasts">
        <name>Directed Broadcasts</name>
        <t>Some devices make use of directed broadcasts to communicate with devices either on the same subnet or on remote networks.  Directed broadcasts require local topological knowledge, specifically the subnet mask of the network to which the device is attached.  That information cannot be used across deployments, and so is inappropriate for MUD files.</t>
        <t>To address this, we specify a MUD extension here that indicates that the device uses directed broadcasts.</t>
        <t>Extension name: directed-broadcasts</t>
        <t>A new object is added to the MUD file, called directed-broadcasts.  It contains two boolean elements:</t>
        <ul spacing="normal">
          <li>
            <t>inbound: indicates whether the device must receive directed broadcasts.</t>
          </li>
          <li>
            <t>outbound: indicates whether the device must send directed broadcasts.</t>
          </li>
        </ul>
        <section anchor="the-directed-broadcasts-extension">
          <name>The directed-broadcasts extension</name>
          <t>The YANG tree for this extension is as follows:</t>
          <figure anchor="figmud-directed-broadcasts">
            <name>YANG tree for directed-broadcasts extension</name>
            <artwork><![CDATA[
module: ietf-mud-directed-broadcasts

  augment /mud:mud:
    +--rw directed-broadcasts
       +--rw inbound?    boolean
       +--rw outbound?   boolean
]]></artwork>
          </figure>
          <t>The YANG model for this extension is as follows:</t>
          <figure anchor="figmud-directed-broadcasts-yang">
            <name>YANG model for directed-broadcasts extension</name>
            <artwork><![CDATA[
module ietf-mud-directed-broadcasts {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-mud-directed-broadcasts";
  prefix mud-directed-broadcasts;

  import ietf-mud {
    prefix mud;
    reference "RFC 8520: Manufacturer Usage Description (MUD)";
  }

  organization
    "IETF IOTOPS Working Group";
  contact
    "WG Web:   <https://datatracker.ietf.org/wg/iotops/>
     WG List:  <mailto:iotops@ietf.org>
     Author:   Eliot Lear <mailto:lear@lear.ch>";
  description
    "
     Copyright (c) 2026 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject to
     the license terms contained in, the Revised BSD License set
     forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX
     (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
     for full legal notices.

    This module defines a MUD extension for directed broadcasts.";
  revision 2026-07-05 {
    description
      "Initial revision.";
    reference
      "RFC XXXX: Some MUD Extensions and Clarifications";
  }
  grouping directed-broadcasts-group {
    description
      "Indicates whether the device uses directed broadcasts.";
    container directed-broadcasts {
      description
        "Indicates whether the device uses directed broadcasts.";
      leaf inbound {
        type boolean;
        description
          "Indicates whether the device must receive directed broadcasts.";
      }
      leaf outbound {
        type boolean;
        description
          "Indicates whether the device must send directed broadcasts.";
      }
    }
  }
  augment "/mud:mud" {
    description
      "Augments the MUD model with directed-broadcasts.";
    uses directed-broadcasts-group;
  }
}
]]></artwork>
          </figure>
        </section>
        <section anchor="example">
          <name>Example</name>
          <t>The following is an example of a MUD file that indicates that the device uses directed broadcasts in both directions.</t>
          <figure anchor="figmud-directed-broadcasts-example">
            <name>Example MUD file with directed-broadcasts extension</name>
            <artwork><![CDATA[
{
  "ietf-mud:mud": {
    "mud-version": 1,
    "mud-url": "https://iot.example.com/modelX.json",
    "mud-signature": "https://iot.example.com/modelX.p7s",
    "last-update": "2022-01-05T13:30:31+00:00",
    "extensions": [
      "directed-broadcasts"
    ],
    "cache-validity": 48,
    "is-supported": true,
    "systeminfo": "Sample IoT device",
    "mfg-name": "Example, Inc.",
    "documentation": "https://iot.example.com/doc/modelX",
    "model-name": "modelX",
    "directed-broadcasts": {
      "inbound": true,
      "outbound": true
    }
  }
}
]]></artwork>
          </figure>
          <t>Note that in all likelihood there would also be ACLs in the MUD file, but they are omitted here for brevity.</t>
        </section>
        <section anchor="dibroaddisc">
          <name>Discussion</name>
          <t>Directed broadcasts have well known security issues (see <xref target="RFC2644"/>).  However, they are used in circumstances where a limited amount of configuration is considered acceptable, and where other mechanisms such as multicast cannot be expected to be available in <strong>all</strong> deployments.  The purpose of this extension is <strong>not</strong> to encourage the use of directed broadcasts, but rather to provide a means to describe them in MUD files when they are used.</t>
        </section>
      </section>
      <section anchor="handling-of-multicast">
        <name>Handling of Multicast</name>
        <t><xref target="RFC8520"/> does not specify how multicast should be handled.  Use of multicast for discovery is relatively common.  However, support for multicast beyond the local link is by no means guaranteed.</t>
        <t>Unlike directed broadcasts, however, multicast addresses are not typically tied to a local network topology.  For this reason, MUD files <bcp14>MAY</bcp14> contain multicast addresses in ACLs.</t>
        <t>The following ACL fragment can be used by either the to-device or from-device ACL to permit multicast:</t>
        <figure anchor="figmud-multicast-acls">
          <name>Example multicast ACE that can be used in a MUD file</name>
          <artwork><![CDATA[
{
  "ace": [
    {
      "name": "permit-multicast",
      "matches": {
        "ipv4": {
          "protocol": 17,
          "destination-ipv4-network": "224.0.0.0/4"
        }
      },
      "actions": {
        "forwarding": "accept"
      }
    }
  ]
}

]]></artwork>
        </figure>
        <t>While this example demonstrates how a device may send or receive multicast traffic, it doesn't specify whether those packets may need to be transmitted across network segments.</t>
        <section anchor="multicast-across-segments-extension">
          <name>Multicast Across Segments Extension</name>
          <t>Whether a manufacturer intends for multicast packets to go beyond a local segment is something that can be expressed in the MUD file with the following extension:</t>
          <t>Extension name: multicast-across-segments</t>
          <t>This extension does not extend the MUD YANG model; its presence in a MUD file simply signals to the network operator that multicast may be required to traverse network segments.</t>
          <t>This will be useful when multicast is intended for purposes <strong>other</strong> than local discovery.  On its own it doesn't specify which multicast groups the device may need to join.  An ACL that permits multicast traffic is still required.</t>
        </section>
        <section anchor="discussion-1">
          <name>Discussion</name>
          <t>Examples might include the following:</t>
          <ul spacing="normal">
            <li>
              <t>A controller that requires consistent behavior across a set of devices in a timely fashion. It may use multicast to communicate with all of them.</t>
            </li>
            <li>
              <t>A smoke detector that is part of a building-wide alarm system.  If one smoke detector detects smoke, it may multicast a message to audible and visual alarms throughout the building to sound the alarm.</t>
            </li>
            <li>
              <t>On-hold music is a historical example, where music is distributed via multicast.</t>
            </li>
          </ul>
          <t>Note that operational issues associated with multicast, such as the scope of a multicast group, are outside the scope of this document.  Here we are merely documenting the device's behavior and network requirements.</t>
        </section>
      </section>
      <section anchor="handling-of-broadcasts">
        <name>Handling of Broadcasts</name>
        <t><xref target="RFC8520"/> does not specify how broadcast should be handled.  Devices may make use of broadcast for many reasons, including discovery, fast failover, expedited processing, and so on.  There are a sufficient number of reasons to use broadcasts, that simply identifying that a device uses broadcasts seems as useful as saying that a device uses IP.  Therefore, in the context of MUD, all devices are assumed to both send and receive broadcasts.</t>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>The YANG module specified in this document defines a schema for data
that is designed to be accessed via network management protocols such
as NETCONF <xref target="RFC6241"/> or RESTCONF <xref target="RFC8040"/>.  The lowest NETCONF layer
is the secure transport layer, and the mandatory-to-implement secure
transport is Secure Shell (SSH) <xref target="RFC6242"/>.  The lowest RESTCONF layer
is HTTPS, and the mandatory-to-implement secure transport is TLS
<xref target="RFC8446"/>.</t>
      <t>The NETCONF access control model <xref target="RFC8341"/> provides the means to
restrict access for particular NETCONF or RESTCONF users to a
preconfigured subset of all available NETCONF or RESTCONF protocol
operations and content.</t>
      <t>MUD files are intended to be retrieved from a web server, and so the security considerations of <xref target="RFC8520"/> apply.  In addition, see <xref target="dibroaddisc"/> for a discussion of the security implications of directed broadcasts.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <section anchor="directed-broadcasts-mud-extension">
        <name>Directed Broadcasts MUD Extension</name>
        <t>IANA is requested to make the following additions to the "Manufacturer Usage Description (MUD) Extensions" registry:</t>
        <artwork><![CDATA[
Name: directed-broadcasts
Reference: [RFCXXXX] (this document)
]]></artwork>
        <artwork><![CDATA[
Name: multicast-across-segments
Reference: [RFCXXXX] (this document)
]]></artwork>
        <t>The following YANG namespace is registered for the directed-broadcasts MUD extension:</t>
        <ul spacing="normal">
          <li>
            <t>Namespace: urn:ietf:params:xml:ns:yang:ietf-mud-directed-broadcasts</t>
          </li>
          <li>
            <t>Prefix: mud-directed-broadcasts</t>
          </li>
        </ul>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC8520">
          <front>
            <title>Manufacturer Usage Description Specification</title>
            <author fullname="E. Lear" initials="E." surname="Lear"/>
            <author fullname="R. Droms" initials="R." surname="Droms"/>
            <author fullname="D. Romascanu" initials="D." surname="Romascanu"/>
            <date month="March" year="2019"/>
            <abstract>
              <t>This memo specifies a component-based architecture for Manufacturer Usage Descriptions (MUDs). The goal of MUD is to provide a means for end devices to signal to the network what sort of access and network functionality they require to properly function. The initial focus is on access control. Later work can delve into other aspects.</t>
              <t>This memo specifies two YANG modules, IPv4 and IPv6 DHCP options, a Link Layer Discovery Protocol (LLDP) TLV, a URL, an X.509 certificate extension, and a means to sign and verify the descriptions.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8520"/>
          <seriesInfo name="DOI" value="10.17487/RFC8520"/>
        </reference>
        <reference anchor="RFC8519">
          <front>
            <title>YANG Data Model for Network Access Control Lists (ACLs)</title>
            <author fullname="M. Jethanandani" initials="M." surname="Jethanandani"/>
            <author fullname="S. Agarwal" initials="S." surname="Agarwal"/>
            <author fullname="L. Huang" initials="L." surname="Huang"/>
            <author fullname="D. Blair" initials="D." surname="Blair"/>
            <date month="March" year="2019"/>
            <abstract>
              <t>This document defines a data model for Access Control Lists (ACLs). An ACL is a user-ordered set of rules used to configure the forwarding behavior in a device. Each rule is used to find a match on a packet and define actions that will be performed on the packet.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8519"/>
          <seriesInfo name="DOI" value="10.17487/RFC8519"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC2644">
          <front>
            <title>Changing the Default for Directed Broadcasts in Routers</title>
            <author fullname="D. Senie" initials="D." surname="Senie"/>
            <date month="August" year="1999"/>
            <abstract>
              <t>This document discusses and defines a number of tests that may be used to describe the performance characteristics of a network interconnecting device. In addition to defining the tests this document also describes specific formats for reporting the results of the tests. This memo provides information for the Internet community.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="34"/>
          <seriesInfo name="RFC" value="2644"/>
          <seriesInfo name="DOI" value="10.17487/RFC2644"/>
        </reference>
        <reference anchor="RFC6241">
          <front>
            <title>Network Configuration Protocol (NETCONF)</title>
            <author fullname="R. Enns" initials="R." role="editor" surname="Enns"/>
            <author fullname="M. Bjorklund" initials="M." role="editor" surname="Bjorklund"/>
            <author fullname="J. Schoenwaelder" initials="J." role="editor" surname="Schoenwaelder"/>
            <author fullname="A. Bierman" initials="A." role="editor" surname="Bierman"/>
            <date month="June" year="2011"/>
            <abstract>
              <t>The Network Configuration Protocol (NETCONF) defined in this document provides mechanisms to install, manipulate, and delete the configuration of network devices. It uses an Extensible Markup Language (XML)-based data encoding for the configuration data as well as the protocol messages. The NETCONF protocol operations are realized as remote procedure calls (RPCs). This document obsoletes RFC 4741. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6241"/>
          <seriesInfo name="DOI" value="10.17487/RFC6241"/>
        </reference>
        <reference anchor="RFC8040">
          <front>
            <title>RESTCONF Protocol</title>
            <author fullname="A. Bierman" initials="A." surname="Bierman"/>
            <author fullname="M. Bjorklund" initials="M." surname="Bjorklund"/>
            <author fullname="K. Watsen" initials="K." surname="Watsen"/>
            <date month="January" year="2017"/>
            <abstract>
              <t>This document describes an HTTP-based protocol that provides a programmatic interface for accessing data defined in YANG, using the datastore concepts defined in the Network Configuration Protocol (NETCONF).</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8040"/>
          <seriesInfo name="DOI" value="10.17487/RFC8040"/>
        </reference>
        <reference anchor="RFC6242">
          <front>
            <title>Using the NETCONF Protocol over Secure Shell (SSH)</title>
            <author fullname="M. Wasserman" initials="M." surname="Wasserman"/>
            <date month="June" year="2011"/>
            <abstract>
              <t>This document describes a method for invoking and running the Network Configuration Protocol (NETCONF) within a Secure Shell (SSH) session as an SSH subsystem. This document obsoletes RFC 4742. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6242"/>
          <seriesInfo name="DOI" value="10.17487/RFC6242"/>
        </reference>
        <reference anchor="RFC8446">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8446"/>
          <seriesInfo name="DOI" value="10.17487/RFC8446"/>
        </reference>
        <reference anchor="RFC8341">
          <front>
            <title>Network Configuration Access Control Model</title>
            <author fullname="A. Bierman" initials="A." surname="Bierman"/>
            <author fullname="M. Bjorklund" initials="M." surname="Bjorklund"/>
            <date month="March" year="2018"/>
            <abstract>
              <t>The standardization of network configuration interfaces for use with the Network Configuration Protocol (NETCONF) or the RESTCONF protocol requires a structured and secure operating environment that promotes human usability and multi-vendor interoperability. There is a need for standard mechanisms to restrict NETCONF or RESTCONF protocol access for particular users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. This document defines such an access control model.</t>
              <t>This document obsoletes RFC 6536.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="91"/>
          <seriesInfo name="RFC" value="8341"/>
          <seriesInfo name="DOI" value="10.17487/RFC8341"/>
        </reference>
      </references>
    </references>
    <?line 391?>

<section anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>TODO acknowledge.</t>
    </section>
    <section anchor="changes">
      <name>Changes</name>
      <ul spacing="normal">
        <li>
          <t>01: Cleaned up text, added updates header, revisited multicast.</t>
        </li>
        <li>
          <t>00: Initial revision.</t>
        </li>
      </ul>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA91bW3PcxpV+x6/oHT1YUojhRbTsjLx2aJK2WCWRikiV4krp
oQfomYEFoMdogOOJivtb9rfsL9vvnNONy8yQUpJKHkKXRaDRl9PnfmMcx1Gd
1bmZqNG1LYx6/e5Mnf9em9JltnRKl6k6zXWVzbJE1zQ0ivR0WplbLHhtK14w
ivDNzG21nihXp1GzTPHuJurbr48Ooii1SakLnJBWelbHudFVnNnaLl1cNKn5
va60iw8OI9dMi8zRufV6iekX5zc/KfVI6dxZnJaVqVka/FPWoz01MmlW2yrT
Ob1cnPyIX7bC09ubn0ZR2RRTU00igmMSJQAbF2oAUV01JgLszyJdGY1dr5am
kovxXV/rUs9NQWdEK1t9nFe2WWLaxdWN6qaOoo9mjc/pJFIxYYB+YUp0a8oG
Byp13zql5G6j99g8K+fqZ5pI44XOcrolI+ZPmalnY1vN6YuukgW+LOp66Sb7
+zSRhrJbMw7T9mlgf1rZlTP7ssU+LZ1n9aKZYrEhrO/3CNBinqblRK66dwZP
H8vqcWZ3Ltx/gJzjRV3koyjSTb2wFWEJpyg1a/JcWGF0nmONeoXFI/6ES+gy
+xvjaaJOM5dYdb12tSncnrookzHPMh5LdOifEpo0TmyBg0pbFVh7C+RHWTnr
vY3H4yiK41jpqQNoSR1FIHIzw1NTmUq9cyC4OjMuqbKlMMJjUPSJWlb2NkuN
0qowGqO1VSnPmho83GaJUaWpiUnU1Cz0bWarsVI3i8xhQWFVImJjnHIkWNot
TVJjm4WuQey1ygo6waiprReqcXqa5Vm9Zi7MytpUlthGBrEvC6f5XRfLHDtm
ZZID12phVwTXAotyoy7exFPtTKp0khjn4jxzNbAHttBpovHMmxdNXmfyamfq
FkDaxilCGebShD/b68FFvDirtz+dskR7fBZZikOj6BHIU1c2bRLC3pdi99On
/8J+tN3d3T+I6k6wdA7U4CUzJaYuNCFIQCJkYO0KCDZ0XZw9oe0LUl0JsVG+
/uxZjJUwKLhVlfmtySrWFHQa+DfFdYFFldV0wJLph81nTcmIYZSKfp1lIFZW
O5PPVKJL5Ux1SwwCUKGqmEmFTUCBVZXV0MZqusZQC2HRxzFBZ0q80WXxbKe8
YUprmLmgg2j84oZPwnphhL7IuY7iTAA6Xc7rUc4tbJNjW4YVcgdWrA1vBaQ0
IAV/WFro8GluwCbnQ6Jg/aqUvRNT1RpoAx+aFplBZMTS7HlREPGRiURJ01on
wPwTEO6lArL+VMREkIS76I8mED7F/oyhThr21GqRJQvoV5Acysg1y6WtaA4O
1XkeSE7nvF8YgtysafYePWFR5pi5sAAEb2CZKlczMTTtSg+3plq3nOPMnNiF
JsvBrqF5HU3XjNq6xnKTjreus9BVmliISUDexRul07QCOxqCkVjLc5Vu5sKZ
QcwO/3h3F+5LikgUE3jPszPznc0VqQz1+OT01RPlAEWhCRe/nFz+TDiAOcgC
/TAfhPCYANsDKWD8jkMCF9BtDchj1wq7tuqvBhz8KKdsX7ZPu1ZjDVkCX2Bd
nOeNvW6aWurko6kdozTQBzA5wj4YBpxgslvWkxXA3CSQAzTvFySjtsTmfCNd
zRsD/Bm6L+1BDGMyeSM4DODQS0g9Ea8vKo0TSdwhuY7RB3A0a/6skztmM14q
aiOgmEjst35IZ2KHApfYVuEDrQugRODW5Ijw0a0FYVq9PvmlvQGQHlSXNxNY
LjDQas1fW9EcavBt0cOtLmp27HpmkiEguQs8QDjQzjWFpyDpMtBQtJwn4kCe
adzjhZnbawaikLeUxFHChz0AO8ZprQvM2iN1aks4dJ1zeGZmWZnxOyHXKHiB
itxAB1/43fUNeaL0W11e8fPb8z+/u3h7fkbP1y9PXr1qHyI/4/rl1btXZ91T
t/L06vXr88szWYxRNRiKRqDNSC48unpzc3F1efJqpFg6QXN43A2rGsKg8D67
FMvKsJFwUbg7E/bH0zf/97+Hx547jg5JWQRWOfzmGC9gfK+PbQmbJq/EpxF4
HkY0aMxEL7MaZN1Trbon5iXx/ith5sNEfTdNlofH3/sBuvBgMOBsMMg42x7Z
WixI3DG045gWm4PxDUwP4T35ZfAe8N4b/O6HPIPOiA+//eH7iFyjYezEXMXs
J+IURSckoMxiRJcp/ME972cd/rGvqFkHB5VMXgbtAim6tKST50J5E1bIcRAF
c8tWgD55XbrF/PRty+Ehg+mFkCjbiv7Q4or6mtk8tysGggC9hTJLOzeHhToc
5jprF/wbTYtFvmFTSpOwfYQjlNsmDf4K+Od/6Cf6hChgREEPhRoT/D+aqE8c
GYzwEsPckvbB4OFeN9pU+agX2yDuGPsLUPCwX8Ck5n8Z/+qwsLfKZfNSk5r+
grXLb1xYmkONxKJuaeHRwdERYtv44Oubw2eTZweTZ4d/ODiYHByE+QnZi5iR
BhuAJcff+i+Zi1uPZCSRq//iOC6iMIeOuBYdd2FvPG7bW8zmMUVbNOk8UIxC
qTAhqAnmloeuiYn+qu3e9NbuPvw2q2wRCyjx0uZZsm6phK/92KQ3PvyCD39t
P6jeJJ7YHgsyPf/6+PhZfHs883Gk/Ny1zx+i/sidB7G2/xYAHaMwzpa3x7FO
8i+CMPJQCpv7I717xkdPsFMH2Ij27YDpQXsfEHvdFMpF0JTwLeaBvf6NzRAH
MrZx+8379w6H/19kdcyMFQPrxTpmyY69ZPcO8yvZN9w61X8kQHd+wTcY/tom
lrDxfHNXngAtVGclM7tgw6s9gvPwYHw4Pho/2392NNpae7e93ahOlvcB0j+H
xPeeeZjJIX5tK4LA/LaFi3Ax2QN8vuP73Ta0GyNb0IOCko3aiWIYlxUCDehz
gor4b1lvomR4RP/tQ7Q5Kr9p/C66C2p88miWzcFwinOP/x3UE1mnvqc5uoOF
VDMEfYluvB82tU0NY0b2puQczyAMGvipHBHekDftfWZ2Xigog/c4w7+wNPPc
TmGD1ojfst/g4nc7iTtKUam1hA9diyN/Txg+xlknslglC13OscUq4yiSRBhu
EYXHHMEGAENAVjTseioyOSZ4tzUCZx/E0/yCE5OVY8/0kTrLXNJwrjSKenHT
MLyQ88nwh9AxHSKLnWpbU15s2SYqHILAj+IXpLagOJOEWYnRUY/PLq+f+FyG
dyl0uWbnmbMOOBVWnaIjbGeLghMfVxQnwSHMQGREQpa/r7TEwm2qhp0DyfAm
a9BK4ShxxM9CBPFj6+wPrv3ZUF/ci6IAkSlVDcQglAhrQxjnXSi+bDOFcqA4
D6MVIqja9LMBZztOCDmM3CYafG1hWOw8o+ePpV3lJp2D3q1/RhzHp8lBhXYf
fRzZOmNtmqDHcOQwhfwA0YB8qJDttJRNKQmzIWbz4S2QivCbI1vx4RF1ZSQp
HK8uq4wwQj5lKzgUO9rAJxxSgFWDd7neCvY4GSIOXZkyggcZJIa8IX7bFQlS
lihs5MsEflY87VH7hCXHTn8lD5HQkKbiNda9pNqeIsxifMcWEnKSIQVLA74V
835uKEzMJY/H+iIroWHKdNK7Swj7+5JPIhtC0J3XeqqgqL54Kw5rd6OHxJ2k
bcedOhpIPMpBQl0ZISeHgh2VCGnOe+t0VdbE8NwaKv4EnzreiXwVEkpq3/vd
E9bqf4jjarWTXt4IyASP0h9oxON8OCFg6ofehJ6huAeuYDyGt34QTWRQOkyx
2/qlqAq4ehBVbFDXUP4hFFGH48MXGCPOdku4TmrUVOWE9pgsdaULN/m9yCel
m9CqyUN7j2gfhHSz7Hd1z5QXRCooWTgMLZjexncLX/A7G0DOzI5CXn+iHk7d
S+aewbijg/r5Y/FFuWJ3cXVz9eZaDQtctIhlL6ll6vuf1XszneDxuxB1IGbS
lPz+CGPaFrZW81DP+l54BgtfkReMhVQMqu1ko2Tm551I6QlPXampXcL1I65x
JYvvGbheolsAlF1O7XJdZfNFrR4nTxSiuedSlrypSGpJmZIkw41zZDgzKk5S
xM45Ft5AKmAuKHcywtBEJ7DLvC3ZDcnWjyNZ8NakuB6iZXZ4+Aiya5z0bKpE
8u1TKO9qHYo2bM1sJevphVwkcGsvlQ6OFlec1MuyqVwj1tcbhEb0am1lD4IU
YRGkAXody1zQm5wvkrD/LbQXGZkfr89AEJnrjFCXAANIgPnasE+hjsdJQEGH
v68cqDKHhXxDOTtO6Qcc5ICbkpJWpp/5SNV/fxxYpqZtTK8O6qGOySo+CSjl
PGgQSIYC70EDsEgDOxoyg28kDH/Bz8ZBq9VqXM2SWKrOfBQdsY8xmv3kBe4u
PhNtIFn4FhVc91Q5XxX2mZwOD5pkaAWIlLKLnCIZWte+UutbBmbbygjimDXj
g2/ig6+9wG8yNIknJS8BQ1gkW/R0QZgYkDBRX9gTIDrBl72JcDuUU8wfH4Lu
ASN5r/vgrxD4c7f+D2HO9qn/7LkKZNWzYOF68RRF0sGWvWhHdwHwORA+62q0
oNz1QQo29V8H070+ywZAd545gg8xCk7E6H5mOAkFrODeia0Wv32Hc+ePHJBr
i/de7AhC77GkMZnjgYPROQuf9TDIY/MRrXgbwxTpoC6hN1Klf78HTWqWSyPy
jQuj/7n50q7620tCjXa5S5J3+M9Ns+66cy+N6VXS4EqUcvJqwY/3BPTL5CKw
7kbipmXi+yR0KCGXFFB7fufCEaUc8mxhbepr6yspu1KFcGramskw2IOL1BVL
rXdueDWJKTWpUe/MZsJEfXqUZgwYHK0EwOyK5hcaynZlconeqUUjaSop0roG
cviYzP2nTz9Qvez58fHdHeVEXtoVJZf2hhVcgjvJKvAAdQckolCpsolLA2by
FQtQhL0PmDHgvpGuFlIW1LoGr7LyTT3LWk/p5mSCZRfLqrkwlHLKHDw1aSpw
vaJmlxWgJhm+qdQE9S21klGRHiA+fQo6PH3azxb4NA/cxaV1pvWcBnHS06fY
G8uozF8m8FApaOjVm3b2XRDhcMeFpOA+V8ke5PS49rhRIucc0UvqgSIVS10+
4e5R9OlTV/BOrZHUVEhkUFG4w1NXs5d+KkqxvNvoQPAGwCWWWzsy8t9zTkPm
a9Xmu1pG8JqFV/WrzGvrIwfJFgHuj7TXdA3wPBbmDcLDEs4t3e9dyTm5nchc
hMO6A7oMX+htgekPWadM6K/92V26iTNWa1/iY0pXRjuKHjrsU0uA97V2nodh
rkxu2j1K7M7AG+wAUM9TrzPC598IHW1dhlJvvToSrydW4RimO3kyMHT9ykSr
BzcqEe3SNtu+s+Kwq9LQrzAcftPPqj9YWjg6Oh4f0H/7x10evc2Ot1DsSso/
mIzvnKsP0N1byru9KBV23Ka+7mh3cnruW3p6VBkUfUlhSz+MF3/ZIjVgdkod
k7NCkjToZGLnsOu16R2IFTNEDtwvRBJZftUJZOdqksK5p40HG5TOa/v7O3hI
6b/ubinzrv33Lpyhq8mZethVRw0TZeo2RDeARJUDGwQ5iFJo8Mqk5VMq833c
Qv+ynKSbtkzM5rCa3qrZyXaKtE9culgcLu6bfjoV3eo8HkrbUzuf9gWFq5Qf
cpwOGpA+pOzZuctdyLcGdIf6le/qarHkW9l8SlzStJUmb9PsIhWDzLUK4T+E
y6Lmux05X00XwG5EEW+TyP6wBSQLBK3tCdEqaKo9lHw/MuI7GU4KMOEcjhPc
sMbTMd+vNiP1flKKPqJLi1px2/zNXFDTpQIadpRuzkNDb8E5ptDWO2AEzkqf
hA693Hhs+129iwBPtax7DavC7poyMlvNHHVWkLWaabfgvtQLIRgZ7N4tdhRM
yFGTJE4xFqBcYcksmRpmKbBBL5miYemznNRXvGILn+uq8JUkysfPuMNuYxN5
cDLMWoKg6xkbGEjHuUmyYk3KXYbkEN1mrgHx+RAiIUg551QYoTMAQoscx8U0
ynP5LldlvLA5dUc7oZ1W4Er6C4OEu4u9Xy9OVzupTdUZOl53UI77Pq7t9Sl7
/1E7Z5OMS4qM2l6LY3DguDyUYK1gcoNH98TpbWpyD4dzBy1g5I2wP214QYFn
LsHJV1FQgde/crtbnvu9ztvOVr8m91lvq3VcdnpbZ201bz2o6HWrWBvrcu1d
E7g/IjOSc/JSv0e8jbnwbi17RuT3puxqw4RzNbact6Ww0JpdCYYgMw3Jb0YC
JX9HQiD480IPYd8Bkz5WUZQ+A9x1VOpB+N6LMBBAFFxm8AqPGub0fesu3gz7
QL358F24vrF9759pniS6UrZWopxTH3boXrNjP2EaOtPS7ZbDLo3Z61aj1H4U
tAOcJSl0+yiEW1y8AAWWK9q/w1HB65LQJgKeLs9vTq8uf/Lx1/Oj40OwG055
e37d//DtwTH40Acx1GUGnghLc702VZR5KaNre7+C3XX+utem9wFMSmZuTR0s
RGcBTJZF3bLMCQaNul5Q6Pj4+vrlkw7Ko01gWnhbaF7e3Ly5/sKD1eDgm1fX
kb/28fFznCREC/fdaPOWZJaf/4zx1/bN8sE+EItgYKDgkjpswLYX2j1LGqjO
dvs+8sGwFcuJjuBUhIjWcJXBmyPi0y743LVJIHpkh3+fxRxfknrtYhLi9NY5
EJ7q2icoiAAvrszU9ye0ct9Snhg+GTA8wdhXZXoJ2SaDVVKok0lJRTIA/VTC
HaNHsyLyuQZf8+jSByBiyJrfEx6zJF6cXJ5sSeHuTohhej6KeGkmDQmgnuCE
tenQvww3ab260ZeU/3qFgBGOmJMBXLdh2OW9Bfy3ocaAAA2IperCB/V4oDqe
+E0Ge93v6f49Ow6DUdZkXUWWcUUX4TSLlIN3l9sHhRn2yy7DLhP1j9Z1scsb
Ls5O7ivrRvIHV1PEHsQbJ0noKAku/9XZFQS07TNhDjqVHiQC8uBwok4p6Y/r
NUslf7ghDRThDwMWRqckG1IaIqbpuTLY4WCitqpH0f8D256Anj06AAA=

-->

</rfc>
